| Aspect | Details |
|---|---|
| Threat Actors | Helldown Ransomware group |
| Campaign Overview | Active exploitation of vulnerabilities in Zyxel firewalls (CVE-2024-11667) and Advantech wireless access points (CVE-2024-50370 through CVE-2024-50375) |
| Targets (Regions and Victims) | Small and medium-sized businesses, especially in the US and Europe |
| Methodology | Exploited the vulnerabilities to gain access to sensitive network devices, achieve remote code execution, exfiltrate data, and deploy ransomware. |
| Product Targeted | Zyxel firewalls, Advantech wireless access point devices |
| Malware Reference | Helldown ransomware |
| Tools and Techniques | Rogue beacon frames, JavaScript injection, backdoor installation |
| Vulnerabilities Exploited | CVE-2024-11667, CVE-2024-50370 through CVE-2024-50375, CVE-2024-50359, CVE-2024-50376 |
| TTPs | Initial Access, Exploitation, Privilege Escalation, Data Exfiltration, Lateral Movement |
| Attribution | Helldown ransomware group |
| Recommendations | Apply firmware updates, disable remote access where it is not required, change admin passwords, monitor for unauthorized access, implement a 3-2-1 backup strategy |
| Source | SOCRadar |
Read full article: https://socradar.io/zyxel-firewalls-exploited-for-ransomware-attacks-20-security-flaws-discovered-in-advantech-access-points/
Disclaimer: The above summary has been generated by an AI language model